Spyder Forensics Open-Source Intelligence (OSINT)
32 Hours / 4 Days
This Foundations course will introduce you to the world of Open-Source Intelligence (OSINT) information research, collection, exploitation, and analysis.
Primary Learning Modules
Agenda: OSINT is becoming increasingly important across investigations of all types, especially for law enforcement and government agencies. This course will teach you how to apply good attribution to protect your identity and organization by providing defensive techniques in the operating environment, including misattribution and the creation and usage of sock puppets. Common legal challenges in the collection and usage of OSINT will be discussed while you learn OSINT research skills and manual OSINT collection methodologies, and explore automation options within the OSINT collection environment.
This course includes the following:
Intro (can you OSINT this for me?)
What is OSINT? More importantly, what ISN’T OSINT?
Legal/Privacy/Policy considerations
Defensive OSINT/Personal Privacy
- Sock puppets/personas/UC accounts
- “Burner” phones
- “Dirty” laptops
- Off network devices
- Drawbacks
- Misattribution systems/Anonymous Browsing
- VPNs
- Practical- setting up a UC Persona Suite
- Tor (intro)
- Cleaning up your internet presence/ Erasing/minimizing your footprint (why; erasing not truly possible but scattering disinformation possible to provide appropriate coverage) (can I ever really be a ghost?) (hiding in plain sight)
- Sock puppet maintenance methodology
- iOS and Android location exploitation/safety guides for travel (know your apps and privacy settings)
Search Engines
- Bing
- DuckDuckGo
- Baidu
- Yandex
Reverse Image Searching
- Google Images
- Yandex
Selector/Identifier Exploitation (easily at minimum 1 hour per block, two with practicals)
- Phone numbers
- Manual
- The phone or nox method (marinating!)
- User name
- Email address
- IP address
- IPv4 Vs IPv6
- Is it a TOR node?
- Internet of things
- Domain Name
Metadata (Images/Videos/documents)
- What is it
- How to change it
- Matching your metadata for photos to your ‘emulator’ type (i.e., Android 5 camera, etc.)
Geolocations and Maps (geolocated social media posts, co-locating existing subpoena records with social media posts; Ad-ID possible as a quick overview)
Blogs/Forums (Quora, Reddit, 4Chan, 8Kun)
Social media exploitation (break down by platform; focus on 4 big ones and YouTube; address phone apps and desktop for each)
- YouTube
Messaging platforms and Chat Apps (Encryption?)
- Telegram
- FB Messenger
- Signal
- Snapchat (heatmaps; location)
Dating platforms and apps (location services, vetting persons)
- Bumble
- Hinge
- Tinder
Records
- Business records (registrations, taxes)
- Public records (property, court, aggregation sites)
- Financial records (OFAC, political donor records, public employee records)
“Foreign” Apps (popular outside US)
- VK (Russia)
- OK (Russia)
- GETTR (Brazil, South America)
Scripting and GitHub
- Gamera
SALE- Situational Awareness for Live Events (Tactical OSINT)
- Live video feeds-weather bug
- Local video cameras
- Foreign video feeds
- YouTube live
- Other live platforms (IG Live, Twitter videos, FB Live, etc)
- Rapid Photo/Video Analysis for location data
User Driven Block
- Identify locations of students during day 1 (or based on registration data) and identify specific regional resources that they can use
Class Materials & Software
You will receive a student manual, lab exercises and other class-related material.
Course Information
- 32hrs of Instruction
- Course Manual
- Practical Files
- Attendance Certificate
Prerequisites
- Have minimal experience of forensic examinations.